how much is the phish?

The phone system and the e-mail system are among the oldest (formerly analog, now digital) communication systems still in use today; the first e-mail was sent in 1971.

Unfortunately, neither of them was designed with security in mind back then.

“An attack of this kind and intensity on the servers speaks for a criminal background. Therefore, the specialists of the competent authorities are also active. The good news: There are still no signs of an abusive data tapping. 3/4 — DKB – Das kann Bank (@DKB_de) January 10, 2020” (https://twitter.com/DKB_de/status/1215536233738391552)

So wrote the bank in January 2020.

Not saying it is related, but … the mail (German original; English translation further below) read like this:

“Ihre Sicherheit ist uns wichtig – neue TAN2go-Freischaltung (NFT #123123123#)”

“Sehr geehrter Herr X,

kürzlich wurde in Ihrem Banking ein neues Smartphone/Tablet für das TAN2go-Verfahren
freigeschaltet, ein bestehendes Gerät geändert oder gelöscht.

Zu Ihrer Sicherheit wollen wir uns vergewissern, dass Sie dies selbst veranlasst haben.

Falls ja, können Sie sich entspannt zurücklehnen. Eine Antwort an uns ist nicht notwendig.

Falls nein, dann melden Sie sich bitte umgehend bei uns.

Vielen Dank für Ihre Unterstützung.

Mit freundlichen Grüßen

Ihre DKB”

And an SMS came with it.

In English the SMS reads: “There is an online order pending. We contacted you via e-mail. Your DKB”

The mail reads: “Your security is important to us – new TAN2go activation (NFT #123123123#)”

“Recently, a new smartphone/tablet was activated for the TAN2go procedure in your online banking, or an existing device was changed or deleted.
For your security, we want to make sure that you initiated this yourself.
If so, you can sit back and relax.
A reply to us is not necessary.
If not, please contact us immediately.
Thank you for your support.”
Of course this is a trick: a convincingly built lure whose purpose is to make the recipient respond to the mail, which then triggers further social-engineering/phishing attempts by the scammers, aimed at the online-banking credentials and, in the end, the customer’s money. In general, neither the displayed mail sender nor an SMS sender ID (nor a displayed caller number) proves anything, because the sender can set all three at will; the only checks a receiver has for e-mail are SPF, DKIM and DMARC. That is exactly why the raw header further down deserves a close look: the receiving server recorded iprev=pass and spf=pass for a handoff from 195.140.96.23 (dkb02ea.mail.s-web.de), dkim=pass with header.d=dkb.de, and dmarc=skipped. So this particular message is not a forged sender in the SMTP sense; it was signed by dkb.de’s own mail infrastructure, and a DMARC reject policy would not have stopped it. Whether that makes it a genuine notification (the text says a TAN2go device was activated, which someone holding the recipient’s login could have triggered) or an abuse of the bank’s mailer cannot be decided from the header alone.

If these messages were the scammers’ work (calling them hackers would be an insult to real hackers), then they had at least the name, e-mail address and mobile number of a DKB customer, which points to some access to DKB’s customer records.

When a bank or company is breached and data is stolen, the GDPR (DSGVO) requires the breach to be reported to the supervisory authority within 72 hours (Art. 33) and, where it is likely to result in a high risk for those affected, the affected persons have to be informed without undue delay, including which categories of data were compromised (Art. 34). Customers should then (of course) change all passwords immediately.

Another reason why data privacy MATTERS and software (app) minimalism is KEY: according to the Appfigures numbers quoted below, 36% of all Google Play hosted apps embed one privacy-problematic SDK.

The more data scammers can gather and load into their databases, the more sophisticated and targeted the attacks and scams will become (and of COURSE they will abuse AI for this as well…).

the bigger problem with Opera might be this: the Russian Yandex SDK:

  • “A development kit for applications offered for free by Yandex, the Russian tech giant, collects information, which is then stored on Russian servers.”
  • “The proximity between the company and the Kremlin raises questions about the end use of this data.”
  • “Your personal data probably ends up on Russian servers.”
  • “On Tuesday, March 29, the British daily Financial Times revealed that tens of thousands of applications have been developed using software that retrieves users’ information.”
  • “The computer tool is provided by Yandex, a Russian search engine, Google’s main competitor in this country.”
  • “The recovered data is then stored in servers in Russia and Finland.”
  • “In the clutches of the Kremlin AppMetrica’s “open access” makes it one of the most used tools on the market: 36% of applications on Google Play go through this SDK and 11% on the App Store according to Appfigures.”
  • “Among the services offered are video games, messaging apps and virtual private networks (VPNs), designed to browse the web without being tracked.”
  • “7 VPN apps are offered specifically for the Ukrainian public, according to the Financial Times.”
  • “In total, it would be applications installed hundreds of millions of times that would be affected.”
  • (machine-translated from numerama.com, src)

(… Google & Apple would NEVER do such things…. NEVER (right? X-D))

“A February 2020 research report published by the School of Computer Science and Statistics at Trinity College Dublin tested six browsers and deemed Brave to be the most private of them, in terms of phoning home: “In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex.”” (src)

“From a privacy perspective Microsoft Edge and Yandex are qualitatively different” (aka privacy wise THE WORST) “from the other browsers studied.”

How to mitigate? IT biodiversity:

There needs to be a complete redesign of the payment system centered on:

  1. security
  2. the needs of the 99%, not the 1%

According to Elon Musk, the money system is “ancient mainframes” “running ancient COBOL”.

Completely unfit for the 21st century.

Just as BaFin has failed to effectively regulate banks, banks have failed to improve themselves. This means: state actors, as competent as possible, have to (again) fix this, i.e. take matters (again) into their own hands and mandate positive change by law.

All banks have done so far is cut costs, which means:

  1. abandon in-house software development, so that basically all of them
    • use the same software
    • use the same data center (which of course makes it a “pretty” target)
  2. lay off IT staff

But just as in nature, IT biodiversity is key to survival: if system A goes down, a completely differently designed system B might still function.

But the focus of the financial system in US/EU capitalism is “growth” through “efficiency” (basically getting rid of people and automating everything, letting computer programs, a.k.a. AI, do “the job”).

This over-focus on efficiency, disregarding security and safeguards, has led to the present situation, where one single point of failure affects many banks, because they “consolidated” their IT into one system.

This is EXACTLY the reason why airplanes have multiple redundant systems (ideally not identical, but of different technological nature, the “last one” even being purely mechanical).

If one system goes down, there need to be at least three (completely differently designed) systems to take over, avoiding a complete crash with (avoidable) fatalities.

But this goes against the “maximum efficiency” doctrine (i.e. it would cost money, and who is going to pay for it? the shareholders? the bank’s CEO? the bank itself? the customers? the state?).

Well, maybe this has to be rethought.

Because in a dysfunctional society, efficiency is not everything.

The offline trial run:

Yes: unplug the internet wires for three weeks and see how it goes. Prepare as well as possible, then do this kind of “back to analog” stress test.

Do it before ransomware forces it on the company/bank: “The employees of the foreign exchange trader Travelex had to reach for pen and paper again” (src)

IP addresses appearing in the header of that DKB phishing mail, with whois results:

  • 195.140.96.23 – org-name: Finanz Informatik GmbH & Co. KG
  • 172.18.42.42 – NetName: PRIVATE-ADDRESS
  • 4.243.27.74 – Organization: Microsoft Corporation (MSFT)
  • 4.243.11.63 – Organization: Microsoft Corporation (MSFT)
  • 4.243.40.252 – Organization: Microsoft Corporation (MSFT)

Only 195.140.96.23 is an address the receiving server actually talked to (it is the smtp.remote-ip of the iprev result and the address in the X-DKIM-Status line). 172.18.42.42 is RFC 1918 space, and the 4.243.x.x addresses appear only in hops between hosts named *.v968.intern, i.e. inside the sender’s own Exchange environment; a whois answer for those tells you who holds that public range, not who relayed the mail.

Full raw mail header and body (receiving server and recipient anonymized):
Return-Path: <info@dkb.de>
Received: from receiving.mail.server
by receiving.mail.server with LMTP
id SCcACZvYY2K9AQAA6UURkA
(envelope-from <info@dkb.de>); Sat, 23 Apr 2022 12:44:43 +0200
Envelope-to: mail@receiver.com
Delivery-date: Sat, 23 Apr 2022 12:44:43 +0200
Authentication-Results: receiving.mail.server;
iprev=pass (dkb02ea.mail.s-web.de) smtp.remote-ip=195.140.96.23;
spf=pass smtp.mailfrom=dkb.de;
dkim=pass header.d=dkb.de header.s=20170816 header.a=rsa-sha256;
dmarc=skipped
Received: from dkb02ea.mail.s-web.de ([195.140.96.23])
by receiving.mail.server with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim (HIDE THE DAMN VERSION EXIM))
(envelope-from <info@dkb.de>)
id 1niDFq-00008c-M9
for mail@receiver.com; Sat, 23 Apr 2022 12:44:43 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=dkb.de; q=dns/txt; s=20170816; t=1650710683;
x=1682246683;
h=date:from:to:subject:mime-version:
content-transfer-encoding:message-id;
bh=Q/oirj0Kyhbvs9Mco6PZTTFyT0+ZWaTTqDBbJTbzXtg=;
b=Lx57pqg+WfxpX3grTzsQK8xoly668qgYU/9Nfb9RIqaRV3hUBeK6ufGS
yNkgDUlTR6qc4djOuXdTO4tW3ltRzUtbmfnQRfu6+fMoPyT3VY06Xy7E3
ajsO3YAJMsp/l08biOP/h9xiUQrAfR4buTibMkyVwwmejLCDpC95mK1bu
EbpotL5HGJwz44zXnAqsVF2tNNulg/iJv0xb7N1JTb1nrUCD/9Ac4nG6r
yngZCf9hJBv/jwsxlHmc82BdlSjjkbwmrKH02yCkrUexWWr6whQDbqbID
Q4eDGaqgluNtiLmDTGXe1FtI56l5J0cq21uD2DF6c9r4ZiL5lq5n64pip
w==;
Message-ID: <2092147286.443.1650710673709.JavaMail.jboadmin@s-web.de>
Received: from unknown (HELO y03sm.mail.s-web.de) ([172.18.42.42])
by dkb02ev.mail.s-web.de with ESMTP/TLS/DHE-RSA-AES256-SHA256; 23 Apr 2022 12:44:35 +0200
Received: from unknown (HELO V968SPWMC1EX017.v968dpc1.v968.intern) () by
y03sm.mail.s-web.de with ESMTP/TLS/AES256-GCM-SHA384;
23 Apr 2022 12:44:34 +0200
Received: from V968SPWMC1EM742.v968dpc1.v968.intern (4.243.27.74) by
V968SPWMC1EX017.v968dpc1.v968.intern (4.243.11.63) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2375.24; Sat, 23 Apr 2022 12:44:33 +0200
Received: from dkb1l01ibp10009 (4.243.40.252) by
V968SPWMC1EM742.v968dpc1.v968.intern (4.243.27.74) with Microsoft SMTP Server
id 15.1.2375.24 via Frontend Transport; Sat, 23 Apr 2022 12:44:33 +0200
X-interface: clean
Date: Sat, 23 Apr 2022 12:44:33 +0200
From: <info@dkb.de>
To: <mail@receiver.com>
Subject: Ihre Sicherheit ist uns wichtig - neue TAN2go-Freischaltung (NFT
#1775224111#)
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
X-TM-SNTS-SMTP:
67E3EBB109FAC6D2D36AC32E79D85EE07BBDEF254BF3EA2740FC88070E33F3592000:8
X-C2ProcessedOrg: 7b659bee-34e6-4f39-bd87-c46f88f7428f
X-DKIM-Status: pass [(dkb.de) - 195.140.96.23]
X-Virus-Scanned: Clear (ClamAV 0.103.5/26521/Sat Apr 23 10:22:50 2022)
X-Spam-Score: -2.4 (--)
Delivered-To: domainu-mail@receiver.com

<html>
<head>
</head>
<body style=3D"font-family: Arial; font-size: 10pt; color: black;">
<p id=3D"anrede">
Sehr geehrter Herr X,
</p>
<p id=3D"text">
k=FCrzlich wurde in Ihrem Banking ein neues Smartphone/Tablet f=FCr das=
TAN2go-Verfahren</br>
freigeschaltet, ein bestehendes Ger=E4t ge=E4ndert oder gel=F6scht.
</p>
<p id=3D"text">
Zu Ihrer Sicherheit wollen wir uns vergewissern, dass Sie dies selbst v=
eranlasst haben.
</p>
<p id=3D"text">
Falls ja, k=F6nnen Sie sich entspannt zur=FCcklehnen. Eine Antwort an u=
ns ist nicht notwendig.
</p>
<p id=3D"text">
<b>Falls nein, dann melden Sie sich bitte umgehend bei uns.</b>
</p>
<p id=3D"text">
Vielen Dank f=FCr Ihre Unterst=FCtzung.
</p>

<p id=3D"grussformel">
Mit freundlichen Gr&uuml;&szlig;en
<br><br>
Ihre DKB
</p>
</body>
</html>
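As an added example for the “forged mail” discussion above and for the raw header just shown (this is not code from the page, from DKB or from Finanz Informatik), the following Python reads a header like this one and answers the questions a responder asks before calling a mail forged: which verdicts the receiving server recorded, whether the From domain aligns with the SPF and DKIM domains (the check DMARC would have made had it not been skipped), which headers the DKIM signature covers, and the Received hop chain with the scope of each hop’s address. The sample header embedded in it is a constructed, shortened copy of the one above (host names, addresses and verdicts as on the page, signature value truncated); the alignment rule is a suffix-match simplification of DMARC’s relaxed mode, and the code does not re-verify the DKIM signature itself.

```python
"""Triage of a pasted raw mail header: recorded authentication verdicts, From domain
alignment with the SPF/DKIM domains (the check DMARC makes), which headers the DKIM
signature covers, and the Received hop chain with each hop's IP scope. Standard
library only; it reads verdicts the receiver recorded, it does not verify DKIM."""
import ipaddress
import re
from email.parser import Parser
from email.utils import parseaddr

# Constructed sample: the header shown above, shortened (LMTP hop, X-* headers and
# body dropped, DKIM b= value truncated). Verdicts, hosts and addresses are as on the page.
RAW_MAIL = """\
Authentication-Results: receiving.mail.server;
 iprev=pass (dkb02ea.mail.s-web.de) smtp.remote-ip=195.140.96.23;
 spf=pass smtp.mailfrom=dkb.de;
 dkim=pass header.d=dkb.de header.s=20170816 header.a=rsa-sha256;
 dmarc=skipped
Received: from dkb02ea.mail.s-web.de ([195.140.96.23])
 by receiving.mail.server with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
 (envelope-from <info@dkb.de>) for mail@receiver.com; Sat, 23 Apr 2022 12:44:43 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dkb.de; q=dns/txt;
 s=20170816; t=1650710683; x=1682246683; h=date:from:to:subject:mime-version:
 content-transfer-encoding:message-id; bh=Q/oirj0Kyhbvs9Mco6PZTTFyT0+ZWaTTqDBbJTbzXtg=;
 b=Lx57pqg+WfxpX3grTzsQK8xoly668qgYU/9Nfb9RIqaRV3hUBeK6ufGS...;
Received: from unknown (HELO y03sm.mail.s-web.de) ([172.18.42.42])
 by dkb02ev.mail.s-web.de with ESMTP/TLS/DHE-RSA-AES256-SHA256; 23 Apr 2022 12:44:35 +0200
Received: from unknown (HELO V968SPWMC1EX017.v968dpc1.v968.intern) () by
 y03sm.mail.s-web.de with ESMTP/TLS/AES256-GCM-SHA384; 23 Apr 2022 12:44:34 +0200
Received: from V968SPWMC1EM742.v968dpc1.v968.intern (4.243.27.74) by
 V968SPWMC1EX017.v968dpc1.v968.intern (4.243.11.63) with Microsoft SMTP Server id 15.1.2375.24
Received: from dkb1l01ibp10009 (4.243.40.252) by
 V968SPWMC1EM742.v968dpc1.v968.intern (4.243.27.74) with Microsoft SMTP Server id 15.1.2375.24
From: <info@dkb.de>

"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def unfold(value):
    """Join folded continuation lines of a header value into one line."""
    return re.sub(r"\s+", " ", value or "").strip()

def parse_auth_results(value):
    """'authserv; method=result prop=val ...; ...' -> (authserv, {method: {...}})."""
    parts = [p.strip() for p in unfold(value).split(";") if p.strip()] or [""]
    results = {}
    for part in parts[1:]:
        m = re.match(r"(\w+)=(\w+)", part)
        if m:
            props = dict(re.findall(r"([\w.-]+)=(\S+)", part[m.end():]))
            results[m.group(1)] = {"result": m.group(2), **props}
    return parts[0], results

def parse_dkim_tags(value):
    """'v=1; a=rsa-sha256; h=...' -> {tag: value} with folding whitespace removed."""
    items = (i.split("=", 1) for i in unfold(value).split(";") if "=" in i)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in items}

def aligned(from_domain, auth_domain):
    """Suffix-match approximation of DMARC relaxed alignment (assumption: the real
    rule compares organizational domains via the public suffix list)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def parse_received(value):
    """One Received header -> hop dict, or None if it has no from/by pair."""
    m = re.search(r"from\s+(\S+)(.*?)\bby\s+(\S+)", unfold(value))
    if not m:
        return None
    src, detail, dst = m.groups()
    helo = next(iter(re.findall(r"HELO\s+([^\s)]+)", detail)), None)
    ip = next(iter(IPV4.findall(detail)), None)
    scope = None if ip is None else ("private" if ipaddress.ip_address(ip).is_private else "public")
    # Hostnames under a non-public TLD such as .intern mark hops inside the sender's
    # own mail system; whois on those IPs says nothing about the path the mail took.
    internal = any(n.endswith(".intern") for n in (src, helo or "", dst))
    return {"from": src, "helo": helo, "ip": ip, "by": dst, "scope": scope, "internal": internal}

def triage(raw):
    """Summarize the mail's authentication state and hop chain as a dict."""
    msg = Parser().parsestr(raw)
    authserv, results = parse_auth_results(msg["Authentication-Results"])
    dkim = parse_dkim_tags(msg["DKIM-Signature"])
    spf, dmarc = results.get("spf", {}), results.get("dmarc", {})
    from_domain = parseaddr(unfold(msg["From"]))[1].rsplit("@", 1)[-1]
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    # DKIM protects exactly the headers listed in h=; a header not listed (Reply-To
    # here) can be added in transit without invalidating the signature.
    signed = {h.lower() for h in dkim.get("h", "").split(":") if h}
    # The hop that handed the mail to the authenticating server: its IP is what iprev
    # and SPF were checked against; every hop after it is inside the sender's chain.
    handoff = next((h for h in hops if h["by"] == authserv and h["scope"] == "public"), None)
    return {
        "authserv": authserv, "results": results, "from_domain": from_domain, "hops": hops,
        "spf_aligned": spf.get("result") == "pass" and aligned(from_domain, spf.get("smtp.mailfrom", "")),
        "dkim_aligned": results.get("dkim", {}).get("result") == "pass" and aligned(from_domain, dkim.get("d", "")),
        "dmarc_evaluated": dmarc.get("result") not in (None, "skipped"),
        "unsigned_headers": [h for h in ("from", "to", "subject", "date", "reply-to") if h not in signed],
        "handoff_ip": handoff["ip"] if handoff else None,
        "handoff_matches_iprev": handoff is not None
        and handoff["ip"] == results.get("iprev", {}).get("smtp.remote-ip"),
    }
```

Run on the sample (`triage(RAW_MAIL)`), it reports SPF and DKIM both passing with the From domain dkb.de aligned, DMARC not evaluated, the handoff address 195.140.96.23 matching the iprev record, Reply-To outside the signed header set, and the hops whose hosts are under .intern flagged as the sender’s internal chain. The practical reading: a mail that passes this triage would also pass a DMARC reject policy, so the receiver’s sender checks are exhausted and the question moves to the sending side.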

Links:

Holy crap: “For example, a survey by the consulting firm EY shows that more than half of all credit institutions describe the protection of their own companies against cyber attacks or IT failures as low or medium.”

https://www.stern.de/wirtschaft/hacker-angriff-auf-die-dkb–banken-kaempfen-mit-it-problemen-9081940.html

BaFin: “The authority therefore regularly checks the IT systems of the banks – and is usually dissatisfied.” #wtf?
“According to the survey of risk managers of global banks, not even every second institution sees itself fully or largely prepared against failures due to IT disruptions or against damage caused by wanton attacks.”
“A narrow majority – 53% – notes only low or medium protection for their own institution; 13% of the major banks surveyed are, according to their own assessment, even only at the beginning of this topic.”
Again: #WHAT #THE #SERIOUS #F***? So banks are failing society IN EVERY POSSIBLE WAY. THANKS TO ALL INVOLVED!
https://www.handelsblatt.com/finanzen/banken-versicherungen/banken/cyberrisiken-grossangriff-auf-die-banken-die-aufseher-sind-alarmiert/25399206.html

https://www.anwalt.de/rechtstipps/hackerangriff-2022-bankkonten-von-kunden-der-sparkasse-und-der-deutschen-kreditbank-ag-dkb-ag-gepluendert-185285.html

https://www.verbraucherzentrale.de/wissen/digitale-welt/phishingradar/phishingradar-aktuelle-warnungen-6059

https://www.trendsderzukunft.de/cybercrime-as-a-service-eine-immer-groessere-gefahr-fuer-unternehmen/

admin